<?php

// phpMyRealty 3
//
// File Name: addusers.php
// File Location : ./admin/
//
// Copyright (c)2009 phpMyRealty.com
//
// e-mail: support@phpMyRealty.com

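// Bootstrap: define the PMR / PMRADMIN constants before loading the
// configuration and the shared function library.
// NOTE(review): these constants look like direct-access guards that the
// included files test for - confirm against config.php / defaults.php.
define('PMR', 'true');
define('PMRADMIN', 'true');

// require (not include): a missing or unreadable configuration must stop the
// request immediately. With include the script would carry on with PATH and
// the authentication helpers undefined.
require '.././config.php';
require PATH . '/defaults.php';

// ----------------------------------------------------------------------
// ADMIN PANEL / ADD USER

// Title tag content
$title = $lang['Realtor_Submit'];

// Template header
include PATH . '/admin/template/header.php';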

// If logged we can start the page output
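// Everything below is rendered only for an authenticated administrator.
// adminAuth() receives the login and password values stored in the session.
if (adminAuth($session->fetch('adminlogin'), $session->fetch('adminpassword')))
{
    // Include navigation panel
    include ( PATH . '/admin/navigation.php' );

    // Authorisation: the administrator must hold the 'manage_users' permission.
    // NOTE(review): this relies on error() terminating the request - confirm,
    // otherwise the code below would run without the privilege.
    adminPermissionsCheck('manage_users', $session->fetch('adminlogin')) or error ('Critical Error', 'Incorrect privileges');

    // NOTE(review): the form below carries no per-session anti-CSRF token and
    // the handler verifies none, so this account-creating POST is protected by
    // the admin session alone. Add a token to the form and check it here.

    // The postal code field is only rendered when show_postal_code is not OFF,
    // so it may only be required in that case (see the form further down).
    $zip_required = strcasecmp($conf['show_postal_code'], 'OFF') != 0;

    // If the Submit button was pressed we start this routine
    if (isset($_POST['submit_realtor'])
        && $_POST['submit_realtor'] == $lang['Realtor_Submit'])
    {
        // Every field the form can send.
        $expected = array(
            'package', 'realtor_first_name', 'realtor_last_name',
            'realtor_company_name', 'realtor_description', 'realtor_location',
            'realtor_city', 'realtor_address', 'realtor_zip_code',
            'realtor_phone', 'realtor_fax', 'realtor_mobile', 'realtor_e_mail',
            'realtor_website', 'realtor_login', 'realtor_password',
            'realtor_password_2',
        );

        // Normalise the request: array-valued fields (name[]=...) are not
        // something this form produces, so they are treated as empty, and
        // fields missing from the request default to an empty string.
        $posted = array();
        foreach ($_POST as $name => $value)
        {
            $posted[$name] = is_array($value) ? '' : $value;
        }
        foreach ($expected as $name)
        {
            if (!isset($posted[$name]))
            {
                $posted[$name] = '';
            }
        }

        // safehtml() all the POST variables to insert into the database or
        // print the form again if errors are found.
        // NOTE(review): both the SQL statements and the re-displayed form rely
        // on safehtml() neutralising quote characters; its implementation is
        // not in this file - confirm, or move the queries to bound parameters.
        $form = array_map('safehtml', $posted);

        // Keep newlines.
        $form['realtor_description'] = safehtml_cms($posted['realtor_description']);

        // Login is stored lower case; the password is kept as typed
        $login2 = strtolower ($posted['realtor_login']);
        $password2 = $posted['realtor_password'];

        // Cut the description to the configured length in case the
        // JavaScript counter was bypassed or disabled.
        // NOTE(review): substr() is byte-wise and runs after escaping, so it
        // can split a multi-byte character or an entity - confirm acceptable.
        $form['realtor_description'] = substr ($form['realtor_description'], 0, $conf['realtor_description_size']);

        echo table_header ( $lang['Information'] );

        // Initially we think that no errors were found
        $count_error = 0;

        // Required fields: form key, minimum length, label for the message
        $required = array(
            array('realtor_first_name', 2, $lang['Realtor_First_Name']),
            array('realtor_last_name', 2, $lang['Realtor_Last_Name']),
            array('realtor_city', 2, $lang['City']),
            array('realtor_address', 4, $lang['Realtor_Address']),
        );
        if ($zip_required)
        {
            $required[] = array('realtor_zip_code', 4, $lang['Zip_Code']);
        }
        $required[] = array('realtor_phone', 4, $lang['Realtor_Phone']);
        $required[] = array('realtor_e_mail', 4, $lang['Realtor_e_mail']);
        $required[] = array('realtor_login', 4, $lang['Realtor_Login']);
        $required[] = array('realtor_password', 4, $lang['Realtor_Password']);

        // Check for the empty or incorrect required fields
        foreach ($required as $rule)
        {
            $value = $form[$rule[0]];
            $invalid = empty($value) || strlen($value) < $rule[1];

            // The e-mail address must additionally pass valid_email()
            if (!$invalid && $rule[0] == 'realtor_e_mail')
            {
                $invalid = !valid_email($value);
            }

            if ($invalid)
            {
                echo $lang['Field_Empty'] . ' - <span class="warning">' . $rule[2] . '</span><br />';
                $count_error++;
            }
        }

        // The location is written into the INSERT below without quotes, so it
        // must be a plain non-negative integer before it gets anywhere near SQL.
        if (!preg_match('/^[0-9]+\z/', $form['realtor_location']))
        {
            echo $lang['Field_Empty'] . ' - <span class="warning">' . $lang['Location'] . '</span><br />';
            $count_error++;
        }

        // Check if the login already exists
        $sql = 'SELECT login FROM ' . USERS_TABLE . ' WHERE login = "' . safehtml($login2) . '"';
        $r = $db->query($sql) or error ('Critical Error', mysql_error () );

        if ($db->numrows($r) > 0)
        {
            echo $lang['Login_Used'] . '<br />';
            $count_error++;
        }

        // Check if the e-mail address is banned
        $sql = 'SELECT * FROM ' . BANS_TABLE . ' WHERE name = "' . safehtml($form['realtor_e_mail']) . '" LIMIT 1';
        $r = $db->query($sql) or error ('Critical Error', mysql_error () );

        if ($db->numrows($r) > 0)
        {
            echo $lang['e_mail_Banned'] . '<br />';
            $count_error++;
        }

        // Make sure login and password consist of letters and numbers only.
        // preg_match() replaces eregi(): the ereg family is not binary safe
        // (matching stops at a NUL byte) and was removed in PHP 7. \z anchors
        // at the true end of the string. $login2 goes into the INSERT as-is,
        // so this check is what keeps that value harmless.
        if (!preg_match('/^[a-z0-9]+\z/i', $login2))
        {
            echo $lang['Login_Incorrect'] . '<br />';
            $count_error++;
        }

        if (!preg_match('/^[a-z0-9]+\z/i', $password2))
        {
            echo $lang['Password_Incorrect'] . '<br />';
            $count_error++;
        }

        // Check if both passwords are equal. The comparison is strict: with
        // != two different numeric-looking strings (e.g. "1e3" and "1000")
        // compare as equal and the confirmation would pass.
        if ((string) $form['realtor_password'] !== (string) $form['realtor_password_2'])
        {
            echo $lang['Passwords_Missmatch'] . '<br />';
            $count_error++;
        }

        if ($count_error > 0)
        {
            echo '<br /><span class="warning">' . $lang['Errors_Found'] . ': ' . $count_error . '</span><br />';
        }

        // If no errors were found during the above checks we continue
        if ($count_error == 0)
        {
            // Accounts created from the admin panel are approved immediately
            $approved = 1;

            // Validated as digits-only above; the cast keeps the SQL fragment
            // numeric whatever happens to the check later on.
            $location = (int) $form['realtor_location'];

            // Get the user IP address
            $user_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

            // If there is more than one IP get the first one from the
            // comma separated list
            if (strstr($user_ip, ', '))
            {
                $ips = explode(', ', $user_ip);
                $user_ip = $ips[0];
            }

            // The address is concatenated into the statement, so keep only the
            // characters an IPv4/IPv6 literal can contain.
            $user_ip = preg_replace('/[^0-9A-Fa-f:.]/', '', $user_ip);

            // NOTE(review): the password is stored as an unsalted MD5 digest.
            // That is not an adequate password hash; moving to password_hash()
            // and password_verify() also requires changing the login check,
            // which is not part of this file, so it is left unchanged here.
            $password_digest = md5($password2);

            // Create a mysql query
            $sql = 'INSERT INTO ' . USERS_TABLE .
                ' (package, approved, first_name, last_name, company_name,
                description, location, city, zip, address,
                phone, fax, mobile, email, website, rating,
                votes, date_added, ip_added, login, password) VALUES
                ("' . $form['package'] . '", ' . $approved . ', "' . $form['realtor_first_name'] . '", "' . $form['realtor_last_name'] . '", "' . $form['realtor_company_name'] . '", "'
                . $form['realtor_description'] . '", ' . $location . ', "' . $form['realtor_city'] . '", "' . $form['realtor_zip_code'] . '", "' . $form['realtor_address'] . '", "'
                . $form['realtor_phone'] . '", "' . $form['realtor_fax'] . '", "' . $form['realtor_mobile'] . '", "' . $form['realtor_e_mail'] . '", "' . $form['realtor_website'] . '", 0,
                0, "' . date ('Y-m-d') . '", "' . $user_ip . '", "' . $login2 . '", "' . $password_digest . '")';

            $db->query($sql) or error ('Critical Error', mysql_error ());

            // Fetch the auto incremented id of the row just inserted
            $id = mysql_insert_id();

            // Apply the selected package to the new account
            if ($form['package'] != '')
            {
                update_agents_package ($id , $form['package']);
            }

            // Output the 'Thank you' message
            echo $lang['Realtor_Listing_Submitted'];
        }

        echo table_footer ( );
    }

    // If the page is opened for the first time or there were errors found in
    // the form fields we output the form again with the old values included
    if (!isset($count_error) || $count_error > 0)
    {
        echo table_header ( $lang['Menu_Submit_Listing'] );

        // Define the form variables if the form is loaded for the first time
        if (!isset($form) || (isset($count_error) && $count_error == 0))
        {
            $form = array();
            $form['package'] = '0';
            $form['realtor_first_name'] = '';
            $form['realtor_last_name'] = '';
            $form['realtor_company_name'] = '';
            $form['realtor_description'] = '';
            $form['realtor_location'] = '';
            $form['realtor_city'] = '';
            $form['realtor_address'] = '';
            $form['realtor_zip_code'] = '';
            $form['realtor_phone'] = '';
            $form['realtor_fax'] = '';
            $form['realtor_mobile'] = '';
            $form['realtor_e_mail'] = '';
            $form['realtor_website'] = '';
            $form['realtor_login'] = '';
            $form['realtor_password'] = '';
        }

        // Output the form. The values echoed into the attributes are the
        // safehtml() results from above (or the empty defaults); the password
        // fields are never pre-filled.
        echo '
   <form action="' . URL . '/admin/addusers.php" method="POST">
    <table width="100%" cellpadding="5" cellspacing="0" border="0">
       ';

        echo userform ($lang['Admin_Packages_Name'], '<select name="package"><option value="0">Free</option>' . generate_agents_packages_list($form['package']) . '</select>');
        echo userform ($lang['Realtor_First_Name'], '<input type="text" size="45" name="realtor_first_name" value="' . $form['realtor_first_name'] . '" maxlength="255">', '1');
        echo userform ($lang['Realtor_Last_Name'], '<input type="text" size="45" name="realtor_last_name" value="' . $form['realtor_last_name'] . '" maxlength="255">', '1');
        echo userform ($lang['Realtor_Company_Name'], '<input type="text" size="45" name="realtor_company_name" value="' . $form['realtor_company_name'] . '" maxlength="255">');
        echo userform ($lang['Realtor_Description'], '<textarea wrap="soft" cols="45" rows="10"  name="realtor_description" onKeyDown="textCounter(this.form.realtor_description,this.form.realtor_description_counter, ' . $conf['realtor_description_size'] . ');" onKeyUp="textCounter(this.form.realtor_description,this.form.realtor_description_counter, ' . $conf['realtor_description_size'] . ');">' . html_entity_decode_utf8($form['realtor_description']) . '</textarea>');
        echo userform ('', '<input readonly type="text" name="realtor_description_counter" size="5" maxlength="5" value="' . $conf['realtor_description_size'] . '"> ' . $lang['Characters_Left']);
        echo userform ($lang['Location'], '<select name="realtor_location">' . generate_options_list(LOCATIONS_TABLE, $form['realtor_location']) . '</select>', '1');
        echo userform ($lang['City'], '<input type="text" size="45" name="realtor_city" value="' . $form['realtor_city'] . '" maxlength="50">', '1');
        echo userform ($lang['Realtor_Address'], '<input type="text" size="45" name="realtor_address" value="' . $form['realtor_address'] . '" maxlength="255">', '1');
        if ($zip_required)
        {
            echo userform ($lang['Zip_Code'], '<input type="text" size="45" name="realtor_zip_code" value="' . $form['realtor_zip_code'] . '" maxlength="20">', '1');
        }
        echo userform ($lang['Realtor_Phone'], '<input type="text" size="45" name="realtor_phone" value="' . $form['realtor_phone'] . '" maxlength="50">', '1');
        echo userform ($lang['Realtor_Fax'], '<input type="text" size="45" name="realtor_fax" value="' . $form['realtor_fax'] . '" maxlength="50">');
        echo userform ($lang['Realtor_Mobile'], '<input type="text" size="45" name="realtor_mobile" value="' . $form['realtor_mobile'] . '" maxlength="50">');
        echo userform ($lang['Realtor_e_mail'], '<input type="text" size="45" name="realtor_e_mail" value="' . $form['realtor_e_mail'] . '" maxlength="50">', '1');
        echo userform ($lang['Realtor_Website'], '<input type="text" size="45" name="realtor_website" value="' . $form['realtor_website'] . '" maxlength="255">');
        // A space was missing between the value and maxlength attributes
        echo userform ($lang['Realtor_Login'], '<input type="text" size="45" name="realtor_login" value="' . $form['realtor_login'] . '" maxlength="50">', '1');
        echo userform ($lang['Realtor_Password'], '<input type="password" size="45" name="realtor_password" maxlength="50">', '1');
        echo userform ($lang['Realtor_Password_Repeat'], '<input type="password" size="45" name="realtor_password_2" maxlength="50">', '1');
        // Submit button
        echo userform ('', '<input type="Submit" name="submit_realtor" value="' . $lang['Realtor_Submit'] . '">');

        echo '
    </table>
   </form>
       ';

        echo table_footer ();
    }
}
else
{
    // Not authenticated as an administrator: nothing above is rendered
    error ('Critical Error' , 'Please, login to access this script.');
}

// Template footer
include ( PATH . '/admin/template/footer.php' );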

?>